Set User-Defined.Realname= List.OfString.ToString(Authentication.GetUserGroups<LDAP_LOOKUP_REALNAME>,"")

R: RestoreUserGroups

Set Authentication.UserGroups= User-Defined.UserGroups

RS: Authenticate with User Database

Criteria: Authentication.IsAuthenticatedequals false

R: Authenticate with User Database

Criteria:Authentication.Authenticate <User Database> equals false

Stop Rule Set

RS: Perform Authentication

Criteria: Authentication.IsAuthenticatedequals false

R: Prevent Browser fromtrying Negotiate with NTLM

Criteria: Authentication.RawCredentialsmatches "Negotiate TlRM*"

Authentication.ClearMethodList

Authentication.AddMethod("NTLM","", true)

R: PerformAuthentication

Authenticate<Default>

This works pretty well most of the time. However, my users found at least on site where this doesn't work: http://www.wetter.com, they keep getting authentication requests after successfully requesting the site first, then waiting for a minute or so, with Firefox as well as with Internet Explorer.

What I can see in Wireshark (tested with Firefox):

1.) good case

Q: GET

A: 407, Proxy-Authenticate:Negotiate & NTLM

Q: GET, Proxy-Authorization NegotiateTlRM…

A: 407, Proxy-Authenticate: NTLM

Q: GET, Proxy-Authorization NTLM TlRM…

A: 407, Proxy-Authenticate: NTLM TlRM… (NTLMSSP_CHALLENGE)

Q: GET, Proxy-Authorization NTLM TlRM…

A: 200

1.) bad case

Q: GET

A: 407, Proxy-Authenticate:Negotiate & NTLM

Q: GET, Proxy-Authorization NegotiateTlRM…

A: 407, Proxy-Authenticate: NTLM

Q: GET, Proxy-Authorization NTLM TlRM…

A: 407, Proxy-Authenticate: NTLM TlRM…

Q: GET, Proxy-Authorization NTLM TlRM…

A: 407, Proxy-Authenticate:Negotiate & NTLM *bang*

Obviously Web Gateway seems not to like what Firefox offers for authentication. Except that was good enough some milleseconds before.

Same behaviour when user is not logged into the domain (no SSO in this case) and manually supplies the credentials.

Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.